<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8" />
    <title>Home Page</title>
</head>
<body>
<p>Hello <span th:text="${user}"></span>.</p>
<p>Welcome to login java-sec-code application. <a th:href="@{/appInfo}">Application Infomation</a></p>
<p>
    <a th:href="@{/swagger-ui.html}">Swagger</a>&nbsp;&nbsp;
    <a th:href="@{/codeinject?filepath=/tmp;cat /etc/passwd}">命令注入漏洞</a>&nbsp;&nbsp;
    <a th:href="@{/jsonp/getToken?_callback=test}">JSONP</a>&nbsp;&nbsp;
    <a th:href="@{/file/pic}">图片上传</a>&nbsp;&nbsp;
    <a th:href="@{/file/any}">任意文件上传</a>&nbsp;&nbsp;
    <a th:href="@{/cors/vuln/origin}">Cors</a>&nbsp;&nbsp;
    <a th:href="@{/path_traversal/vul?filepath=../../../../../etc/passwd}">目录穿越漏洞</a>&nbsp;&nbsp;
    <a th:href="@{sqli/jdbc/vuln?username=admin' or '1'='1}">Sql注入漏洞（存在过滤函数）</a>&nbsp;&nbsp;
    <a th:href="@{sqli/jdbc/ps/vuln?username=admin' or '1'='1}">Sql注入漏洞</a>&nbsp;&nbsp;
    <a th:href="@{/ssrf/urlConnection/vuln?url=http://baidu.com}">SSRF</a>&nbsp;&nbsp;
    <a th:href="@{/urlRedirect/redirect?url=http://www.baidu.com}">URl重定向</a>&nbsp;&nbsp;
    <a th:href="@{/rce/runtime/exec?cmd=whoami}">命令执行</a>&nbsp;&nbsp;
    <a th:href="@{/user/list}">个人敏感信息泄露</a>&nbsp;&nbsp;
    <a th:href="@{/deserialize/rememberMe/vuln}">反序列化：cookie：java -jar ysoserial.jar CommonsCollections5 "open -a Calculator" | base64</a>
    <a th:href="@{/ooxml/upload}">ooxml XXE</a>&nbsp;&nbsp;
    <a th:href="@{/xlsx-streamer/upload}">xlsx-streamer XXE</a>
    <a th:href="@{/env}">actuator env</a>
</p>

<P>
    <a th:href="@{/jwt/createToken}">JWTCreateToken</a>
    <a th:href="@{/jwt/getName}">GetUserFromJWTToken</a>
</P>
<p>...</p>
<a th:href="@{/logout}">logout</a>

</body>
</html>
